[Samba] Issue with two domains in one LDAP tree

[Andrew Bartlett]

On Sat, 2004-10-30 at 00:18, Misty Stanley-Jones wrote:
> Hi,
> 
> I've just moved a second Samba domain to LDAP -- it works great!  However, the 
> first domain is now dead in the water.  It refuses to autenticate, and from 
> the logs it looks like it's not find the SambaDomainName entry in the LDAP 
> tree.  Here is a diagram of how my LDAP tree is set up.
> 
> dc=mycompany,dc=com
> |___ ou=computers
> |___ ou=people
> |___ ou=groups
> |___ sambaDomain=domain1
> |___ ou=domain2
> 	|___ ou=computers
> 	|___ ou=people
> 	|___ ou=groups
> 	|___ sambaDomain=domain2

> I also want to say that the reason I have domain2 off in its own subtree is 
> that it is going to eventually control its portion of the tree and take 
> referrals from the main LDAP tree.  It's over a T1 from the main office and I 
> want to keep bandwidth down.  I could put domain1 in its own subtree as well, 
> but it seems a little overkill if I can avoid it since there will be about 50 
> users of domain1 and only about 10 of domain2.

At 50 and 10 users, then you really should just have one domain.  LDAP
replication is a very small amount of traffic, and you will see more
benefits in having a single domain than splitting them.

Even if it was that 50,000 and 10,000 I would suggest keeping them in
one domain.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041102/0de58bfe/attachment.bin